[05:18] morning [05:53] 60 PRs :/ [06:54] good morning [06:55] mborzecki: thank you for the reviews [06:56] zyga: morning [06:56] mvo: hey [06:56] hey mborzecki [06:57] mborzecki: good morning! what did I miss? anything interessting happend? [06:57] mvo: not really, just a lot of open PRs [07:00] mborzecki: ok, let me look at those [07:02] zyga: mvo: need to go out for a while, sent a message in the forum [07:02] ack === pstolowski|afk is now known as pstolowski [07:09] hey pstolowski [07:12] hey zyga and pstolowski [07:14] hey mvo! [07:14] mvo: I think today is a review day [07:18] AFK with dog [07:18] zyga: indeed, looking at the PRs I think you are right [07:38] mvo: zyga: hi, I'll also focus on reviews, at least the first part of the day [07:49] mvo: #6594 needs a quick look from you after the last round of changes and then can land (hopefully) [07:49] PR #6594: [RFC] tests: run smoke tests on (almost) pristine systems [07:51] mborzecki: hey, #6711 can land [07:51] PR #6711: tests/main/selinux-lxd: make sure LXD from snaps works cleanly with enforcing SELinux [07:54] PR snapd#6711 closed: tests/main/selinux-lxd: make sure LXD from snaps works cleanly with enforcing SELinux === chihchun_afk is now known as chihchun [08:00] PR snapd#6696 closed: image: simplify prefer local logic and fixes === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [09:04] re [09:06] hey mborzecki [09:06] how are you feeling? [09:12] brb, breakfast [09:23] hm 2.38 is in fedora updates repo, i might need to update the rpm upgrade triggers in our packaging [09:24] heh, and looking at how the last the last 2 merges to master failed in spread i need to :P [09:25] pstolowski: I did passes on various of your PRs, some can land after small tweaks and then once merged in the follow ups I can look at those [09:26] pedronis: ty, yes, i'm addressing your comments [09:35] pedronis: i've updated https://github.com/snapcore/snapd/pull/6660, you approved it already but please see if the change makes sense [09:35] PR #6660: cmd/debug: integrate new task timings with "snap debug timings" [09:36] pstolowski: ok, will look in a little bit [09:37] pedronis: basically, i think Save had a small bug [09:47] #6713 will unbreak master [09:47] PR #6713: tests/upgrade/basic: restore SELinux context of /var/cache/fontconfig [09:49] zyga: can you take a look at https://github.com/snapcore/snapd/pull/6692 ? super simple and can land quickly [09:49] PR #6692: interfaces: cleanup internal tool lookup in system-key [09:49] absolutely [09:54] pstolowski: looks ok, commented on something else though [09:55] pstolowski: sorry, fixed my comment (mistyped a couple of things in it) [09:55] pedronis: ah, ok, will remove that part of the comment thx [09:56] mborzecki: https://github.com/snapcore/snapd/pull/6692/files#r275287380 ? [09:56] PR #6692: interfaces: cleanup internal tool lookup in system-key [10:01] zyga: there are some units tests for findSnapdPath, maybe i could drop those [10:03] +1 [10:04] it just seems odd to reduce a function to a call to another while keeping it when both seem to relate to the same topic [10:25] Hey guys! Currently, do we update all the boot-partition contents on gadget snap refreshes? [10:26] sil2100: we don't, this is part of the work that mborzecki is doing for the bootloader asset refreshes [10:27] Ok, since I remember this being a work-item but didn't know if it actually landed [10:27] mvo: thanks! [10:30] sil2100: do you need it for sometihng specific? is there anything we need to update? [10:30] sil2100: I found the missing validations, sorry for that! will get this fixed [10:31] * pstolowski lunch [10:35] PR snapd#6713 closed: tests/upgrade/basic, packaging/fedoar: restore SELinux context of /var/cache/fontconfig, patch pre-2.39 mount units [10:40] master should be fine now [10:42] mvo: no no, just was wondering because of the new grub2 in the pc core18 gadget, Steve mentioned that existing users will be 'safe' because of snap refresh not updating the contents as of yet and I was wondering if that's really the case [10:42] mvo: as I remembered discussions about making that happen [10:43] mvo: thanks! Just give me a poke once the other buggers are verified [10:48] sil2100: thanks [11:11] * zyga coffee === sparkieg` is now known as sparkiegeek [11:31] sil2100: notice that even once implemented it will be opt in from the part of the gadget [11:31] pedronis: ok, good to knog [11:31] *know [11:47] * cachio afk [11:52] pstolowski: hi, when you have a little bit of time, could you double check that we have a spread test for this: https://forum.snapcraft.io/t/how-to-disconnect-a-snap-from-internet/10901/11 [11:58] pedronis: sure, will do [11:59] thx [12:06] so I have a coredump, and my application doesnt run if it detects being running as root (so snap run --gdb is useless), what do? [12:06] gdb --core=core /snap/vlc/x1/usr/bin/vlc results in a useless trace (all ??) [12:11] thresh: it's not easy I'm afraid [12:11] thresh: what is the base your snap is using? core or core18? [12:11] zyga, it's core18 [12:13] thresh: so you somehow have to set up gdb to look at debug symbols from ubuntu18.04 -- I don't believe this is documented or explained anywhere [12:13] could having ubuntu 18.04 as a host OS help? [12:13] yes but it's not required [12:13] you need the debug symbol packages [12:14] and you need to have a debug build of the app as well [12:14] I think it's a big endeavour to explain and document properly though [12:14] might be easier to just spin up a VM that trying to do that on my debian [12:14] you don't need a vm [12:14] sure, I've got the idea - will try it, thx [12:14] just debootstrap ubuntu 18.04 or get a tarball from cdimage.ubuntu.com [12:14] PR snapd#6660 closed: cmd/debug: integrate new task timings with "snap debug timings" [12:15] I have *not* done this myself so anything you come up with is worth sharing [12:15] good luck! [12:18] pedronis: moved selinux cleanup task to the 'done' lane === chihchun is now known as chihchun_afk [12:20] mborzecki: great! [12:47] zyga: i'm going to review #6717 in a bit [12:47] PR #6717: snap: fix interface bindings on implicit hooks [12:47] pstolowski: it needs another pass [12:47] pstolowski: I think it needs a fix again [12:47] thanks for tackling it [12:47] pstolowski: look at my comment [12:47] pstolowski: because I think pedronis was spot on, twice :) [12:47] pstolowski: and the simplistic fix was insufficient [12:48] to be fair I wasn't spot on, when we tried to fix this first [12:48] pstolowski: I will add some tests to it today, to show how it fails, then try to fix it, just working on another existing PR [12:48] pedronis: as an extra idea, I was thinking about changing how we load yaml [12:48] zyga: ah, i see the new comments, ack [12:48] pedronis: to allow it to know about the implicit hooks before we read the yaml [12:49] pedronis: so that we can create them and avoid the late binding complexity [12:49] zyga: maybe, that seems a bigger changes though [12:49] pedronis: yes === ricab is now known as ricab|lunch [13:01] anyone up for a 2nd review of https://github.com/snapcore/snapd/pull/6688 ? [13:01] PR #6688: gadget: add validation of cross structure overlap and offset writes [13:06] PR snapd#6625 closed: tests: system disable ssh for config defaults in gadget [13:12] PR snapcraft#2533 closed: tests: classic confinement spread tests for ant and maven [13:24] mborzecki: any ideas, is ausearch failing? https://www.irccloud.com/pastebin/ohLqFsHP/ [13:25] zyga: can you post the debug part of the log? [13:26] ah, indeed [13:26] selinux denials https://www.irccloud.com/pastebin/s5RJWK6u/ [13:29] kenvandine: hello ken [13:30] kenvandine: did you build any kde snap using the frameworks build-snap? [13:31] kenvandine: existing material in the internet suggests it should be straightforward, but my tests were not so smooth [13:31] hey cmatsuoka [13:31] cmatsuoka: i haven't [13:32] zyga: which PR is that? [13:33] I think it was [13:33] https://github.com/snapcore/snapd/pull/6714 [13:33] kenvandine: I'll check it directly with sitter or the folks in #kde-devel [13:33] PR #6714: cmd/snap-confine: reject crafted /tmp/snap.$SNAP_NAME [13:33] mborzecki: no, wait [13:33] wrong branch [13:33] zyga: can you check which tests ran before? it looks like /home/test/snap has incorrect type, so it either was created by the upgrade test and not cleaned up, or restorecon did not restore the permission, snapd has all the permissions to poke snappy_home_t but not user_home_t [13:34] https://api.travis-ci.org/v3/job/520237869/log.txt from https://github.com/snapcore/snapd/pull/6673 [13:34] checking [13:34] PR #6673: cmd,tests: forcibly discard mount namespace when bases change [13:35] google:fedora-29-64:tests/main/interfaces-broadcom-asic-control google:fedora-29-64:tests/main/snap-connect google:fedora-29-64:tests/main/interfaces-device-buttons google:fedora-29-64:tests/main/debug-sandbox google:fedora-29-64:tests/main/confinement-classic google:fedora-29-64:tests/main/try-with-hooks google:fedora-29-64:tests/main/interfaces-calendar-service google:fedora-29-64:tests/main/refresh:strict_remote [13:35] google:fedora-29-64:tests/main/install-errors:noreexec google:fedora-29-64:tests/main/snapctl-services google:fedora-29-64:tests/main/nfs-support google:fedora-29-64:tests/main/snap-debug-get-base-declaration google:fedora-29-64:tests/main/snap-service-stop-mode google:fedora-29-64:tests/main/core-snap-not-test-test google:fedora-29-64:tests/main/install-closed-channel google:fedora-29-64:tests/main/snap-disconnect [13:35] google:fedora-29-64:tests/main/document-portal-activation google:fedora-29-64:tests/main/core18-with-hooks google:fedora-29-64:tests/main/snap-run-symlink-error google:fedora-29-64:tests/main/chattr google:fedora-29-64:tests/main/proxy google:fedora-29-64:tests/main/auto-refresh-private google:fedora-29-64:tests/main/interfaces-netlink-audit google:fedora-29-64:tests/main/auto-aliases [13:35] google:fedora-29-64:tests/main/command-chain:reexec1 google:fedora-29-64:tests/main/classic-ubuntu-core-transition-two-cores google:fedora-29-64:tests/main/interfaces-content-mkdir-writable:common google:fedora-29-64:tests/main/op-remove google:fedora-29-64:tests/main/snap-service-after-before google:fedora-29-64:tests/main/refresh-delta-from-core google:fedora-29-64:tests/main/interfaces-gpg-public-keys [13:35] google:fedora-29-64:tests/main/interfaces-hardware-random-observe google:fedora-29-64:tests/main/interfaces-network-control-ip-netns google:fedora-29-64:tests/main/auto-refresh:parallel google:fedora-29-64:tests/main/disable-autoconnect google:fedora-29-64:tests/main/interfaces-ssh-keys google:fedora-29-64:tests/main/snap-userd-desktop-app-autostart google:fedora-29-64:tests/main/install-refresh-private [13:35] google:fedora-29-64:tests/main/interfaces-network-setup-control google:fedora-29-64:tests/main/install-store-laaaarge google:fedora-29-64:tests/main/econnreset google:fedora-29-64:tests/main/refresh-all google:fedora-29-64:tests/main/interfaces-home google:fedora-29-64:tests/main/umask google:fedora-29-64:tests/main/selinux-lxd + echo '# free space' [13:35] this ran before [13:35] mborzecki: ^ [13:40] zyga, hey, is there any PR/plans for https://bugs.launchpad.net/snapd/+bug/1821023 ? [13:40] Bug #1821023: core18 base on core 16 missing firmware [13:48] * zyga lunch [14:05] PR snapd#6700 closed: packaging: disable -buildmode=pie on all arches <⛔ Blocked> [14:06] 6418 needs a second review [14:10] PR snapd#6594 closed: [RFC] tests: run smoke tests on (almost) pristine systems [14:10] 6599 also needs a second review, should be easy and small === ricab|lunch is now known as ricab [14:24] abeato: no PRs yet, just in the TODO list [14:25] zyga, ok, but still up for 2.39? [14:26] yes [14:30] great [14:36] pedronis: I updated 6603, should be good now [14:37] 6603 also needs a second review [14:49] Chipaca: I suppose you were aware that we potentially import state stuff via auth into snap, seems the go linker is clever that doesn't happen in practice though [14:55] mvo: +1 to 6599 with a comment [14:55] pedronis: you mean snap → o.auth -> o.state? yeah [14:55] Chipaca: yes [14:56] also hexchat is silly and doesn't always do the → -> → thing [14:56] lol [14:56] Chipaca: I can probably untangle that now, though as I said the linker seems to do the right thing [14:56] Chipaca: do you think untangling that would help overall? [14:57] pedronis: not the first thing i worry about wrt untangling tbh [14:57] Chipaca: ok, I'm mentioning it because I'm shuffling things around in that area [14:57] anyway [14:57] ah, if you are then maybe yes === Girtablulu is now known as Girtablulu|Away [14:57] but fully untangling that is a bit of extra work [14:58] pedronis: can you nudge it towards it being easier to do, without it being too much extra work? [14:59] PR snapd#6718 opened: spread, tests: do not leave mislabeled files in restorecon test, attempt to catch similar files [14:59] zyga: ^^ [14:59] Chipaca: yes, basically I'm moving AuthContext to a storecontext packages, to fully untangle some bits of auth would need to move to devicestate [14:59] zyga: hope the safety checks do not catch any thing else [15:00] Chipaca: it might be saner anyway [15:00] to do the last bit [15:00] pedronis: move what to devicestate? [15:00] Chipaca: Device SetDevice User etc [15:01] all the functions taking state.State [15:01] hah, and DeviceState [15:01] no [15:01] that needs to stay in auth [15:01] basically almost only the structs [15:01] would stay in auth [15:02] and be shared with store etc [15:02] Chipaca: are you refactoring any store bits (auth?); asking in the context of autorefresh fix that i'm about to start doing [15:02] pstolowski: pedronis is :-) [15:02] maybe [15:02] Chipaca: I am [15:02] sorry [15:03] pstolowski: I am, but store is actually the package I'm going to touch the least [15:03] pstolowski: I'm not, I'm breaking things in ifacestate and snapstate [15:03] pstolowski: so don't worry [15:03] pstolowski: what I heard pedronis say was "race is on" [15:03] Chipaca: :) [15:04] if I'm touch store a lot I'm doing it wrong [15:09] pedronis: we still need to find a good name for snapshots.expiration config option (re https://github.com/snapcore/snapd/pull/6669); also your high-level feedback on the "0" semantics would be appreciated (see my self-review comment in the PR) [15:09] PR #6669: overlord/corecfg: make expiration of automatic snapshots configurable (4/4) [15:23] Chipaca: almost forgot, https://github.com/snapcore/snapd/pull/6688 volume/structure overlap validation [15:23] PR #6688: gadget: add validation of cross structure overlap and offset writes [15:26] pstolowski: I know, we cand land 6662 to start? [15:28] pedronis: oh yes, doing! [15:28] PR snapd#6662 closed: overlord/snapstate,snapshotstate: create snapshot on snap removal (3/4) [15:34] PR snapd#6693 closed: cmd: tweak internal tool lookup to accept more possible locations [15:34] * cachio lunch [15:41] * zyga resumes work on base snap refreshes [16:10] PR # closed: core-build#11, core-build#22, core-build#26, core-build#37 [16:11] PR # opened: core-build#11, core-build#22, core-build#26, core-build#37 === pstolowski is now known as pstolowski|afk [16:32] break [16:40] abck [16:41] PR snapd#6719 opened: many: move auth.AuthContext to store.DeviceAndAuthContext, the implemention to a separate storecontext package [16:42] Chipaca: ^ it's big but mostly boring [16:43] (doesn't do the last bit discussed because it's already big like this, would be a follow up) [16:46] Bug #1824851 opened: snap-update-ns failure on `snap run lxd.activate` [16:47] hmm [16:51] hey folks, does ubuntu-image support any kind of caching or proxy? I'm iterating on a build and it's super painful to download pi-kernel every single time :/ [16:51] I have a squid I can point it to, if supported [16:52] Bug #1824851 changed: snap-update-ns failure on `snap run lxd.activate` [17:03] roadmr: I don't know but I feel the pain as well [17:03] zyga: looks like it'll take local snaps preferently, so a poor man's cache seems to be just downloading the required .snaps and putting them in PWD [17:03] testing! [17:04] * zyga breaks for an hour [17:16] PR snapcraft#2534 opened: Add SNAPCRAFT_PROJECT_DIR environment variable [17:22] mvo: cachio: related to good commit messages, we probably shouldn't merge PR levaving [RFC] in their commit [17:23] sure, pedronis: which is the PR? [17:25] cachio: 6594 that mvo merged [17:27] pedronis: ahhh, ok, your are right [17:27] pedronis: you suggest to revert/edit/merge ? [17:28] or it is just for next time? [17:30] for next time [17:33] I could use a coffee [17:38] zyga: so - download the snaps that are in your image, name them snap_revision_arch.snap (usual), then point ubuntu-image to them via --extra-snaps=/path/to/foo.snap (use one --extra-snaps per snap). That does a sort of poor man's cache :) [17:38] https://blog.ubuntu.com/2017/07/11/ubuntu-core-making-a-factory-image-with-private-snaps has more deets [17:38] roadmr: does the image get used correctly [17:38] roadmr: as in, with assertions and such [18:53] zyga: hm I didn't test the built image :/ [19:56] https://forum.snapcraft.io/t/anyone-care-to-review-this-article-on-snapd-admin/10937 [20:00] PR snapd#6720 opened: many: move Device/SetDevice to devicestate, start of making them pluggable in storecontext === Girtablulu|Away is now known as Girtablulu